6 matches found
Server-side Request Forgery (SSRF)
Overview: @dadigua/hyperchat is a HyperChat Core - Node.js backend and CLI tool with AI chat, MCP support. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch function in the AI Proxy Middleware component when processing the baseurl argument. An attack...
ionic-spid-poc-crs
SPID SSO POC — Ionic React + Node.js + Signicat Sandbox A p...
HAXcms with nodejs backend cross-site scripting vulnerability
HAXcms with nodejs backend is an open source backend management system from HAX The Web. A cross-site scripting vulnerability exists in HAXcms with nodejs backend version 11.0.7 and earlier, which stems from disabling content security policies and could lead to cross-site scripting attacks...
CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...
Remote code execution
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
CVE-2021-21353 Remote code execution in pug
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...